How to configure Umbrel LNbits app without Tor

Thanks for the info. After a lot of searching I found this thread, which helped me set up an https proxy in the Apache web server.
I quote the Apache config in case it is useful to other members of the community:

    <VirtualHost *:443>

    ServerName lightning.domain.com

    # SSLProxy* only applies to https:// backends; it has no effect on the
    # http:// backend used below
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    # Off for a reverse proxy: "On" enables forward proxying (open proxy)
    ProxyRequests Off
    # Pass the original Host header through to LNbits
    ProxyPreserveHost On

    <Location />

    ProxyPass http://10.13.37.5:3007/
    ProxyPassReverse http://10.13.37.5:3007/

    </Location>

    SSLCertificateFile /etc/letsencrypt/live/lightning.domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/lightning.domain.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    </VirtualHost>

With the new update out for LNBits I was able to finally resolve this issue.

  1. First update to LNbits version: 0.10.6
  2. Use this guide to ensure your NGINX proxy is configured properly.

Something important to note: because Umbrel is already using port 80, you can’t set up a listener in NGINX to forward HTTP traffic to HTTPS. You can, however, skip using LetsEncrypt to issue your SSL certificates and instead install Origin Server certificates issued by Cloudflare.
On the SSL / TLS Overview page, ensure your SSL/TLS encryption mode is Full (strict).
Under the Edge Certificate tab, enable Always Use HTTPS. This will take care of managing your SSL certificates, proxy your node’s IP address, and redirect HTTP traffic.

At this stage you should be able to access LNBits over clearnet and on your local network. When using LNaddress or LNURLs you should be getting:

    Error: 2 validation errors for LnurlPayResponse
    callback
      URL host invalid, top level domain required (type=value_error.url.host)
    callback
      URL scheme not permitted (type=value_error.url.scheme; allowed_schemes={'https'})

Edit the docker compose file for the app:

    ~/umbrel/app-data/lnbits/docker-compose.yml

First, you need to turn off Admin UI to force LNBits to use the environment variables set in the docker compose file. When Admin UI is enabled, it stores and uses the settings configured in the database.
Restart the app with the following command:

    ~/umbrel/scripts/app restart lnbits

Under #Global add the following:

    HOST: "mydomain.com"

(don’t add https:// or www., etc.)

Under #App add the following:

    FORWARDED_ALLOW_IPS: "*"

Finally, restart the app once again. Once it finishes restarting you should be able to use LNURLs and LN addresses. If you are still having issues, try debugging by reading the logs of the docker container.

Use this command to list all the docker containers. Look for one called lnbits_web_1 and copy the container ID.

    docker ps

Then use this command to follow the logs. This can be useful to tell which IP is being interpreted by pydantic, which is what is throwing this error.
You know it's working when you see the IP address of the container in the Umbrel app network when accessing LNbits from your local network. It should show your node's public IP address when receiving traffic from using the LNURL or LNaddress.


Thank you for this guide. I was able to follow it easily but ran into two issues that needed more research.

The nginx config noted here is slightly out of date now. If anyone is following it and getting the “unsupported upgrade request” from nginx, then update the config file by commenting out:

    #proxy_set_header Connection 'Upgrade';

as it’s no longer required post v0.10.

If you’re getting an error when starting nginx, then make sure the brackets and semicolons are set properly, as the way it’s written here causes the start procedure to fail.


For anyone reading this and a little overwhelmed with all the command line stuff: if you are already running a Synology NAS, you can use the built-in reverse proxy and create a certificate very easily using this guide:

I used noip.com to create a DDNS entry (make sure to enable wildcards, so that you can do something like https://lnbits.yourdomain.noip.com and https://webserver.yourdomain.noip.com and both will be sent to your firewall). Make sure to forward 443 to the NAS; then your reverse proxy on the NAS will redirect each subdomain to the correct location on the LAN.

Hi everyone,

It is probably a stupid question but why do I need to configure a reverse proxy? Can I just configure a port forwarding to redirect the traffic to my LNbits instance?

Instead of

[Internet] - [Home Router/Firewall] - [Front-End Gateway] - [Umbrel]

I will have

[Internet] - [Home Router/Firewall] - [Umbrel]

What do you think about that?

Edit: OK, I found that it is better for privacy and DDoS attack protection to use a reverse proxy so that the Umbrel node is never requested directly.

Thanks for posting this! I’m trying to follow it myself (Umbrel 1.2.2 and LNBits 0.12.11). My goal is to enable LNURLP over clearnet. My current setup:

  • Cloudflare tunnel app installed
  • SSL/TLS encryption mode for my domain configured to “full (strict)”
  • “Always use HTTPS” setting enabled under Edge Certificates
  • Cloudflare tunnel set up to route lnbits.mydomain.com to http://umbrel.local:3007
  • Added HOST: 'lnbits.mydomain.com' to docker-compose
  • Added FORWARDED_ALLOW_IPS: '*' to docker-compose

With these settings (and actually without those above additions to docker-compose, too), I get the following message when I load the LNURLP extension UI:

LNURLs need to be delivered over a publicly accessible https domain or Tor onion.
426

I also get a 500 error when I attempt to create an LNURL.

Can anyone point me in the right direction?

EDIT

I got it working.
A deep googling rabbit hole brought me to this github issue.

In particular, this comment links to this docker-compose file with recommended updates to get LNURL functions to work over clearnet via reverse proxy (or Cloudflare tunnel in my case; again note my domain SSL/TLS setting above in my post).

Specifically, the two docker-compose file additions that got it working for me given the above setup were:

  1. Adding PROXY_TRUST_UPSTREAM: "true" in the app_proxy service
  2. Adding command: uvicorn lnbits.__main__:app --port "3007" --host "0.0.0.0" --forwarded-allow-ips="*" in the web service

Note in #2 above I replaced $APP_LNBITS_PORT from that linked example docker-compose file with "3007" because in the version of the LNBits docker-compose file for Umbrel 1.2.2 / LNBits 0.12.11, ports and IPs are hard-coded rather than being defined as variables. YMMV.

Now to get zapping!
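
The `FORWARDED_ALLOW_IPS: "*"` setting and the uvicorn `--forwarded-allow-ips="*"` flag in the posts above both decide whose `X-Forwarded-*` headers the app believes. The following added example (not code from this thread, uvicorn or LNbits) is a simplified model of that decision: it shows why trusting the proxy clears the https scheme error, and what pinning the value to the proxy's address changes compared with `"*"`. The addresses, the URL path and the bare host name are constructed.

```python
# Added example: simplified model of the trust decision behind uvicorn's
# --forwarded-allow-ips / FORWARDED_ALLOW_IPS. Not uvicorn or LNbits source.
from urllib.parse import urlsplit


def resolve_request(peer_ip, headers, allow_ips):
    """Return (scheme, client_ip) as the app sees them behind a plain-HTTP hop.

    X-Forwarded-* headers are honoured only when the TCP peer is trusted;
    allow_ips is a comma-separated list of proxy IPs, or "*" for any peer.
    """
    trusted = {ip.strip() for ip in allow_ips.split(",")}
    scheme, client = "http", peer_ip
    if "*" not in trusted and peer_ip not in trusted:
        return scheme, client  # headers ignored: peer is not a known proxy
    scheme = headers.get("x-forwarded-proto", scheme).strip()
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",") if h.strip()]
    if hops and "*" in trusted:
        client = hops[0]  # every hop is believed, including client-supplied ones
    elif hops:
        # rightmost hop that is not itself one of the trusted proxies
        client = next((h for h in reversed(hops) if h not in trusted), hops[0])
    return scheme, client


def callback_errors(url):
    """Apply the two checks named in the LnurlPayResponse error in the thread."""
    parts, errors = urlsplit(url), []
    if "." not in (parts.hostname or ""):
        errors.append("top level domain required")
    if parts.scheme != "https":
        errors.append("URL scheme not permitted")
    return errors


# Constructed sample values; addresses and the URL path are hypothetical.
PROXY_IP = "10.21.21.2"       # assumed address of the reverse proxy / tunnel hop
DIRECT_PEER = "192.168.1.50"  # a host that reaches port 3007 without the proxy
VIA_PROXY = {"x-forwarded-proto": "https", "x-forwarded-for": "203.0.113.7"}
SELF_SET = {"x-forwarded-proto": "https", "x-forwarded-for": "198.51.100.99"}


def demo():
    return {
        "default": resolve_request(PROXY_IP, VIA_PROXY, "127.0.0.1"),
        "pinned": resolve_request(PROXY_IP, VIA_PROXY, PROXY_IP),
        "pinned_direct": resolve_request(DIRECT_PEER, SELF_SET, PROXY_IP),
        "wildcard_direct": resolve_request(DIRECT_PEER, SELF_SET, "*"),
    }
```

With the value pinned to the proxy hop, forwarded headers from any other peer are ignored. With `"*"`, a peer that reaches port 3007 directly chooses the scheme and client address the app records, so the wildcard is only safe when nothing but the proxy can reach that port.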

I am unable to get it working. Could you share your docker-compose.yml please?